Cyware Daily Threat Intelligence April 09, 2018


Top Malware Reported in the Last 24 Hours
Fake WhatsApp Plus
Hackers are circulating a fake WhatsApp app, dubbed WhatsApp Plus, on the web. This malicious app is a variant of Android/PUP.Riskware.Wtaspin.GB, a fake WhatsApp riskware. The app is capable of stealing sensitive information from the infected smartphone and of installing malware. The app's APK file is circulating online via comments on blogs and forums.

NetSupport Manager RAT
Compromised websites are being leveraged to spread the NetSupport Manager remote access tool (RAT) in the form of fake updates masquerading as Adobe Flash, Chrome, and Firefox updates. The fake update is a malicious JavaScript payload that sends basic system information (such as architecture, computer name, username, processors, OS, domain, manufacturer, model, MAC address, keyboard, pointing device, display controller configuration, and more) to the server.

LockCrypt ransomware cracked
Security researchers have identified a weakness in the encryption used by the LockCrypt ransomware. The malware is spread via RDP brute-force attacks and must be installed manually. Because the hackers reused the buffer, their algorithm became vulnerable to a plaintext attack.

Top Vulnerabilities Reported in the Last 24 Hours
XSS Flaw found in IBM WebSphere Portal
A cross-site scripting (XSS) flaw, tracked as CVE-2018-1483, has been discovered in IBM WebSphere Portal. This flaw allows hackers to embed arbitrary JavaScript code in the web UI, altering the intended functionality and leading to the disclosure of credentials. The flaw has already been fixed.

Authentication bypass flaw in Auth0 Identity platform
An authentication bypass vulnerability has been discovered in the identity-as-a-service platform Auth0. Exploiting this flaw would allow hackers to access any portal or application that uses the Auth0 service for authentication. The vulnerability has been mitigated, as the affected libraries have been extensively rewritten. New versions of the SDKs have also been released.

Vulnerability in Linux Beep Command
A local privilege escalation vulnerability has been discovered in beep, an advanced PC speaker beeper. Beep allows the calling user to trigger side effects even if they are not authorized to do so. Users needn't worry, as this tool doesn't exist in most modern-day processors.



Posted on: April 09, 2018
